Harness announced four new product modules on the Harness platform — Harness Code Repository, Harness Internal Developer Portal, Harness Infrastructure as Code Management, and Harness Software Supply Chain Assurance. Each module is aimed at advancing the state of software delivery and developer experience.

Harness Code Repository: Harness Code Repository is a premium module based on open source Gitness and tailored to meet the demands of enterprise teams and organizations. Gitness is a developer-friendly, open source Git platform created to address common obstacles in traditional software development workflows. Harness Code Repository provides additional enhanced features and capabilities for Gitness, including:

• Collaborative code reviews to foster collaboration and knowledge sharing, for higher code quality and fewer errors
• Advanced governance with branch protection to ensure stability by preventing unauthorized or risky changes from being merged into critical branches, reducing the chance of introducing bugs or vulnerabilities
• Policy enforcement powered by OPA to ensure code complies with predefined organizational standards and best practices, reducing manual intervention and human error
• Seamless integrations tailored for the development process on the Harness platform help streamline the development process by connecting code repos with other development and deployment tools to improve efficiency and collaboration, which accelerates the software delivery pipeline

Harness Code Repository will be available in beta next month.

Harness Internal Developer Portal (IDP): Harness IDP helps organizations accelerate new service onboarding, simplifying the often complex and time-consuming process of setting up infrastructure, configuring frameworks, establishing CI/CD pipelines, and more. It is built on the Backstage.io platform, providing critical governance features out of the box and a simplified management experience.

Harness IDP includes:

• Self-service automation enables developers to create new services quickly, eliminating up to days or weeks of waiting time
• The Software Catalog unifies essential service information, such as builds, deployments, alerts, and health metrics, into a single pane of glass called the Software Catalog
• Discoverability of tools enhances collaboration and communication within organizations by providing easy discoverability of internal services, APIs, and tools, which helps prevent duplication of efforts and enables efficient knowledge sharing
• Scorecards enable platform engineers to gauge service maturity and encourage the adoption of best practices from DevOps, development, and security perspectives—effectively gamifying the quest for excellence in software development

Harness Infrastructure as Code Management (IaCM): Companies are using Infrastructure as Code (IaC) to define infrastructure requirements, configurations, and dependencies, and to manage resources in a more efficient and repeatable way. However, customers are still finding that most IaC solutions are labor intensive, create errors, and come with limited visibility and guardrails. Harness IaCM addresses these challenges and adds automation and security.

Harness IaCM provides:

• An advanced pipeline for IaC automation, simplifying code management from Pull Request (PR) to provisioning. Streamlining the process speeds up the creation, testing, review, and deployment of infrastructure changes, significantly improving efficiency
• Automatic drift detection and remediation continuously monitors the infrastructure for deviations, ensuring all changes are done in the right process
• OPA-based infrastructure policies to enforce security and compliance standards. These policies, defined as code, are applied automatically during the provisioning process, reducing the risk of misconfigurations and vulnerabilities
• Provides the PR process for reviewing infrastructure changes, making it more efficient and error-resistant by allowing developers to understand the impact of their changes before merging the code

Harness Software Supply Chain Assurance: Recent supply chain attacks, such as log4j and SolarWinds, underscore the importance of open source governance and ensuring software artifact integrity in alignment with standards like Supply Chain Levels for Software Artifacts (SLSA). In the United States, Executive Order 14028 mandates SBOMs, provenance verification, policy enforcement, and rapid zero-day vulnerability response to enhance supply chain security.

The Harness Software Supply Chain Assurance (SSCA) module comprehensively addresses these requirements by providing:

• Deep visibility and control over open source software components, allowing organizations to monitor and enforce policies based on component versions, licenses, suppliers, and more
• Streamlines the generation of SBOMs in various formats, enabling secure sharing and storage. Users can sign and validate SBOMs with their private keys
• Enables governance by setting up policies to block harmful or risky components, such as log4j, in an organization’s supply chain
  Ensures software integrity by generating and verifying attestations, following SLSA specifications and mandates listed in Executive Order 14028
• Strengthens software development with DevSecOps practices, further letting software producers effectively ship secure software artifacts to their consumers